README
changeset 26 2c4f499ea12f
parent 20 f4daa224dc7e
child 28 583ed103e021
equal deleted inserted replaced
25:9d78dca32325 26:2c4f499ea12f
   172 *except* that any changeset which writes to "dontwritethis" will be
   172 *except* that any changeset which writes to "dontwritethis" will be
   173 rejected.
   173 rejected.
   174 
   174 
   175 - For similar reasons, don't give "init" rules file conditions.
   175 - For similar reasons, don't give "init" rules file conditions.
   176 
   176 
       
   177 - Don't try to deny write access to a particular file on a particular
       
   178 branch - a developer can write to the file on another branch and then
       
   179 merge it in.  Either deny all writes to the branch from that user, or
       
   180 allow them to write to all the files they can write to on any branch.
       
   181 In other words, something like this will have the intended effect
       
   182 
       
   183   write user=docs/* branch=docs file=docs/*
       
   184 
       
   185 But something like this will not have the intended effect; it will
       
   186 effectively allow these users to write to any file on any branch, by
       
   187 writing it to "docs" first:
       
   188 
       
   189   write user=docs/* branch=docs
       
   190   write user=docs/* file=docs/*
       
   191   read user=docs/*
       
   192 
   177 LOCKING YOURSELF OUT
   193 LOCKING YOURSELF OUT
   178 
   194 
   179 If you find yourself "locked out" - that is, that you no longer have
   195 If you find yourself "locked out" - that is, that you no longer have
   180 the permissions needed in hgadmin - you can break back in again if
   196 the permissions needed in hgadmin - you can break back in again if
   181 you're able to become the "hg" user on the repository host.  Once you
   197 you're able to become the "hg" user on the repository host.  Once you